package com.example.text.common.filter;

import com.example.text.common.utils.SpringContextUtils;
import com.example.text.dao.AdminPermissionDao;
import com.example.text.entity.AdminPermission;
import com.example.text.service.AdminPermissionService;
import com.example.text.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.PathMatchingFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;


import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.List;
import java.util.Set;

public class URLPathMatchingFilter extends PathMatchingFilter {

    @Autowired
    AdminPermissionService adminPermissionService;

    @Autowired
    AdminPermissionDao adminPermissionDao;

    @Autowired
    UserService userService;

    @Override
    protected  boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        HttpServletRequest httpServletRequest=(HttpServletRequest) request;
        HttpServletResponse httpServletResponse=(HttpServletResponse) response;

        //执行options请求
        if(HttpMethod.OPTIONS.toString().equals((httpServletRequest).getMethod())){
            httpServletResponse.setStatus(HttpStatus.NO_CONTENT.value());
            return  true;
        }

        if(null==adminPermissionService){
            adminPermissionService = SpringContextUtils.getContext().getBean(AdminPermissionService.class);
        }

        String requestAPI =getPathWithinApplication(request);
        System.out.println("访问接口"+requestAPI);

        Subject subject = SecurityUtils.getSubject();

        if(!subject.isAuthenticated()){
            System.out.println("需要登录");
            return false;
        }

        //判断访问接口是否需要过滤（数据库中是否有对应信息）
        boolean needFilter =adminPermissionService.needFilter(requestAPI);

        if(!needFilter){
            System.out.println("接口："+requestAPI+"无需权限");
            return true;
        }else {
            System.out.println("验证访问权限："+requestAPI);

            //判断当前用户是否有相应权限
            boolean hasPermission =false;
            String username =subject.getPrincipal().toString();
            Set<String>permissionAPIs =adminPermissionService.listPermissionURLByUser(username);
            for(String api :permissionAPIs){
                if(requestAPI.startsWith(api)){
                    hasPermission=true;
                    break;
                }
            }

            if(hasPermission) {
                System.out.println("访问权限："+requestAPI+"验证成功");
                return true;
            }else {
                System.out.println("当前用户没有访问接口"+requestAPI+"的权限");
                return  false;
            }
        }
    }

    public boolean needFilter(String requestAPI) {
        List<AdminPermission> ps = adminPermissionDao.findAll();
        for (AdminPermission p: ps) {
            if (p.getUrl().equals(requestAPI)) {
                return true;
            }
        }
        return false;
    }
}
